updates for 2fa auth services
@@ -10,6 +10,7 @@ import { TwoFactorEmailRequest } from '../models/request/twoFactorEmailRequest';
|
|||||||
import { CipherResponse } from '../models/response/cipherResponse';
|
import { CipherResponse } from '../models/response/cipherResponse';
|
||||||
import { FolderResponse } from '../models/response/folderResponse';
|
import { FolderResponse } from '../models/response/folderResponse';
|
||||||
import { IdentityTokenResponse } from '../models/response/identityTokenResponse';
|
import { IdentityTokenResponse } from '../models/response/identityTokenResponse';
|
||||||
|
import { IdentityTwoFactorResponse } from '../models/response/identityTwoFactorResponse';
|
||||||
import { SyncResponse } from '../models/response/syncResponse';
|
import { SyncResponse } from '../models/response/syncResponse';
|
||||||
|
|
||||||
export abstract class ApiService {
|
export abstract class ApiService {
|
||||||
@@ -20,7 +21,7 @@ export abstract class ApiService {
|
|||||||
logoutCallback: Function;
|
logoutCallback: Function;
|
||||||
|
|
||||||
setUrls: (urls: EnvironmentUrls) => void;
|
setUrls: (urls: EnvironmentUrls) => void;
|
||||||
postIdentityToken: (request: TokenRequest) => Promise<IdentityTokenResponse | any>;
|
postIdentityToken: (request: TokenRequest) => Promise<IdentityTokenResponse | IdentityTwoFactorResponse>;
|
||||||
refreshIdentityToken: () => Promise<any>;
|
refreshIdentityToken: () => Promise<any>;
|
||||||
postTwoFactorEmail: (request: TwoFactorEmailRequest) => Promise<any>;
|
postTwoFactorEmail: (request: TwoFactorEmailRequest) => Promise<any>;
|
||||||
getAccountRevisionDate: () => Promise<number>;
|
getAccountRevisionDate: () => Promise<number>;
|
||||||
|
|||||||
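Review bot: The new return type `Promise<IdentityTokenResponse | IdentityTwoFactorResponse>` on `postIdentityToken` has no discriminant, so consumers are left probing for `accessToken` through a cast, which is exactly what `logInHelper` in src/services/auth.service.ts does in this commit (`result.twoFactor = !(response as any).accessToken;`). A narrowing helper next to the abstraction, `export function isTwoFactorResponse(r: IdentityTokenResponse | IdentityTwoFactorResponse): r is IdentityTwoFactorResponse { return r instanceof IdentityTwoFactorResponse; }`, lets callers branch without `as any`; `instanceof` is reliable here because src/services/api.service.ts builds the two-factor case with `new IdentityTwoFactorResponse(responseJson)`. The `ApiService` abstraction continues outside the hunk.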
@@ -1,5 +1,15 @@
|
|||||||
|
import { TwoFactorProviderType } from '../enums/twoFactorProviderType';
|
||||||
|
|
||||||
|
import { AuthResult } from '../models/domain/authResult';
|
||||||
|
|
||||||
export abstract class AuthService {
|
export abstract class AuthService {
|
||||||
logIn: (email: string, masterPassword: string, twoFactorProvider?: number, twoFactorToken?: string,
|
email: string;
|
||||||
remember?: boolean) => Promise<any>;
|
masterPasswordHash: string;
|
||||||
|
twoFactorProviders: Map<TwoFactorProviderType, { [key: string]: string; }>;
|
||||||
|
|
||||||
|
logIn: (email: string, masterPassword: string) => Promise<AuthResult>;
|
||||||
|
logInTwoFactor: (twoFactorProvider: TwoFactorProviderType, twoFactorToken: string,
|
||||||
|
remember?: boolean) => Promise<AuthResult>;
|
||||||
logOut: (callback: Function) => void;
|
logOut: (callback: Function) => void;
|
||||||
|
getDefaultTwoFactorProvider: (u2fSupported: boolean) => TwoFactorProviderType;
|
||||||
}
|
}
|
||||||
|
|||||||
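Review bot: `email`, `masterPasswordHash` and `twoFactorProviders` are added to the abstraction as public mutable fields with no statement of their lifetime, although `masterPasswordHash` is credential-derived material that the concrete service in this commit appears to hold only between a two-factor challenge and `logInTwoFactor`, clearing it through `clearState()` once the next token response is processed. A comment above those fields, `// Transient state kept between logIn() returning a two-factor challenge and logInTwoFactor(); cleared when the next token response is handled.`, would make that contract explicit for other implementations and consumers. The `AuthService` declaration is complete within the hunk.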
@@ -15,4 +15,5 @@ export abstract class PlatformUtilsService {
|
|||||||
launchUri: (uri: string, options?: any) => void;
|
launchUri: (uri: string, options?: any) => void;
|
||||||
saveFile: (win: Window, blobData: any, blobOptions: any, fileName: string) => void;
|
saveFile: (win: Window, blobData: any, blobOptions: any, fileName: string) => void;
|
||||||
getApplicationVersion: () => string;
|
getApplicationVersion: () => string;
|
||||||
|
supportsU2f: (win: Window) => boolean;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -3,3 +3,4 @@ export { DeviceType } from './deviceType';
|
|||||||
export { EncryptionType } from './encryptionType';
|
export { EncryptionType } from './encryptionType';
|
||||||
export { FieldType } from './fieldType';
|
export { FieldType } from './fieldType';
|
||||||
export { SecureNoteType } from './secureNoteType';
|
export { SecureNoteType } from './secureNoteType';
|
||||||
|
export { TwoFactorProviderType } from './twoFactorProviderType';
|
||||||
|
|||||||
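--- a/src/enums/twoFactorProviderType.ts
+++ b/src/enums/twoFactorProviderType.ts
@@ -0,0 +1,8 @@
+export enum TwoFactorProviderType {
+    Authenticator = 0,
+    Email = 1,
+    Duo = 2,
+    Yubikey = 3,
+    U2f = 4,
+    Remember = 5,
+}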
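Review bot: The enum carries explicit numeric values but nothing says those numbers matter; the new `IdentityTwoFactorResponse` in this commit turns the server's `TwoFactorProviders2` keys into this type with `parseInt`, which suggests they are protocol identifiers rather than arbitrary ordinals. A header comment such as `// Values are the provider identifiers used by the identity server; do not renumber.` would protect them from a well-meaning reorder. String enums are usually preferred in new TypeScript, but the numeric form looks required by that key mapping.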
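--- a/src/models/domain/authResult.ts
+++ b/src/models/domain/authResult.ts
@@ -0,0 +1,6 @@
+import { TwoFactorProviderType } from '../../enums/twoFactorProviderType';
+
+export class AuthResult {
+    twoFactor: boolean = false;
+    twoFactorProviders: Map<TwoFactorProviderType, { [key: string]: string; }> = null;
+}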
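Review bot: `twoFactorProviders` is declared as a non-nullable `Map` but initialised to `null`, and the new `logInHelper` in src/services/auth.service.ts only assigns it in the `result.twoFactor` branch, so consumers have to know to check `twoFactor` first. A comment on the field, `// Only populated when twoFactor is true: the providers the server will accept for the second step.`, documents that coupling, and `| null` on the type would let the class compile under strictNullChecks should the project adopt it.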
@@ -1,4 +1,5 @@
|
|||||||
export { Attachment } from './attachment';
|
export { Attachment } from './attachment';
|
||||||
|
export { AuthResult } from './authResult';
|
||||||
export { Card } from './card';
|
export { Card } from './card';
|
||||||
export { Cipher } from './cipher';
|
export { Cipher } from './cipher';
|
||||||
export { CipherString } from './cipherString';
|
export { CipherString } from './cipherString';
|
||||||
|
|||||||
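--- a/src/models/response/identityTwoFactorResponse.ts
+++ b/src/models/response/identityTwoFactorResponse.ts
@@ -0,0 +1,17 @@
+import { TwoFactorProviderType } from '../../enums/twoFactorProviderType';
+
+export class IdentityTwoFactorResponse {
+    twoFactorProviders: TwoFactorProviderType[];
+    twoFactorProviders2 = new Map<TwoFactorProviderType, { [key: string]: string; }>();
+
+    constructor(response: any) {
+        this.twoFactorProviders = response.TwoFactorProviders;
+        if (response.TwoFactorProviders2 != null) {
+            for (const prop in response.TwoFactorProviders2) {
+                if (response.TwoFactorProviders2.hasOwnProperty(prop)) {
+                    this.twoFactorProviders2.set(parseInt(prop, null), response.TwoFactorProviders2[prop]);
+                }
+            }
+        }
+    }
+}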
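Review bot: `parseInt(prop, null)` in the constructor passes `null` as the radix, which is coerced to 0 and falls back to base-10 detection, and a key that is not numeric yields `NaN` as a `Map` key that nothing downstream will ever match. Parse explicitly and skip unparseable keys: `const type = parseInt(prop, 10);` followed by `if (isNaN(type)) { continue; }` and then `this.twoFactorProviders2.set(type, response.TwoFactorProviders2[prop]);`. The values stored are also taken from the `any`-typed server body unchecked, so the `{ [key: string]: string }` shape is a trust assumption on the response rather than something this class verifies; a comment saying so on the field would help readers.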
@@ -7,6 +7,7 @@ export { ErrorResponse } from './errorResponse';
|
|||||||
export { FolderResponse } from './folderResponse';
|
export { FolderResponse } from './folderResponse';
|
||||||
export { GlobalDomainResponse } from './globalDomainResponse';
|
export { GlobalDomainResponse } from './globalDomainResponse';
|
||||||
export { IdentityTokenResponse } from './identityTokenResponse';
|
export { IdentityTokenResponse } from './identityTokenResponse';
|
||||||
|
export { IdentityTwoFactorResponse } from './identityTwoFactorResponse';
|
||||||
export { KeysResponse } from './keysResponse';
|
export { KeysResponse } from './keysResponse';
|
||||||
export { ListResponse } from './listResponse';
|
export { ListResponse } from './listResponse';
|
||||||
export { ProfileOrganizationResponse } from './profileOrganizationResponse';
|
export { ProfileOrganizationResponse } from './profileOrganizationResponse';
|
||||||
|
|||||||
@@ -17,6 +17,7 @@ import { CipherResponse } from '../models/response/cipherResponse';
|
|||||||
import { ErrorResponse } from '../models/response/errorResponse';
|
import { ErrorResponse } from '../models/response/errorResponse';
|
||||||
import { FolderResponse } from '../models/response/folderResponse';
|
import { FolderResponse } from '../models/response/folderResponse';
|
||||||
import { IdentityTokenResponse } from '../models/response/identityTokenResponse';
|
import { IdentityTokenResponse } from '../models/response/identityTokenResponse';
|
||||||
|
import { IdentityTwoFactorResponse } from '../models/response/identityTwoFactorResponse';
|
||||||
import { SyncResponse } from '../models/response/syncResponse';
|
import { SyncResponse } from '../models/response/syncResponse';
|
||||||
|
|
||||||
export class ApiService implements ApiServiceAbstraction {
|
export class ApiService implements ApiServiceAbstraction {
|
||||||
@@ -72,7 +73,7 @@ export class ApiService implements ApiServiceAbstraction {
|
|||||||
|
|
||||||
// Auth APIs
|
// Auth APIs
|
||||||
|
|
||||||
async postIdentityToken(request: TokenRequest): Promise<IdentityTokenResponse | any> {
|
async postIdentityToken(request: TokenRequest): Promise<IdentityTokenResponse | IdentityTwoFactorResponse> {
|
||||||
const response = await fetch(new Request(this.identityBaseUrl + '/connect/token', {
|
const response = await fetch(new Request(this.identityBaseUrl + '/connect/token', {
|
||||||
body: this.qsStringify(request.toIdentityToken()),
|
body: this.qsStringify(request.toIdentityToken()),
|
||||||
cache: 'no-cache',
|
cache: 'no-cache',
|
||||||
@@ -96,7 +97,7 @@ export class ApiService implements ApiServiceAbstraction {
|
|||||||
} else if (response.status === 400 && responseJson.TwoFactorProviders2 &&
|
} else if (response.status === 400 && responseJson.TwoFactorProviders2 &&
|
||||||
Object.keys(responseJson.TwoFactorProviders2).length) {
|
Object.keys(responseJson.TwoFactorProviders2).length) {
|
||||||
await this.tokenService.clearTwoFactorToken(request.email);
|
await this.tokenService.clearTwoFactorToken(request.email);
|
||||||
return responseJson.TwoFactorProviders2;
|
return new IdentityTwoFactorResponse(responseJson);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
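Review bot: The two-factor path is recognised only by status 400 plus a non-empty `TwoFactorProviders2` object on the body, and nothing in the branch says that this is the identity server's challenge shape rather than an ordinary validation failure. A comment on the `else if`, `// A 400 whose body carries TwoFactorProviders2 is the identity server's two-factor challenge, not an error.`, would document the contract the new `IdentityTwoFactorResponse` depends on. `postIdentityToken` starts in the previous hunk and continues past this one.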
@@ -1,40 +1,148 @@
|
|||||||
|
import { TwoFactorProviderType } from '../enums/twoFactorProviderType';
|
||||||
|
|
||||||
|
import { AuthResult } from '../models/domain/authResult';
|
||||||
|
import { SymmetricCryptoKey } from '../models/domain/symmetricCryptoKey';
|
||||||
|
|
||||||
import { DeviceRequest } from '../models/request/deviceRequest';
|
import { DeviceRequest } from '../models/request/deviceRequest';
|
||||||
import { TokenRequest } from '../models/request/tokenRequest';
|
import { TokenRequest } from '../models/request/tokenRequest';
|
||||||
|
|
||||||
|
import { IdentityTokenResponse } from '../models/response/identityTokenResponse';
|
||||||
|
import { IdentityTwoFactorResponse } from '../models/response/identityTwoFactorResponse';
|
||||||
|
|
||||||
import { ConstantsService } from '../services/constants.service';
|
import { ConstantsService } from '../services/constants.service';
|
||||||
|
|
||||||
import { ApiService } from '../abstractions/api.service';
|
import { ApiService } from '../abstractions/api.service';
|
||||||
import { AppIdService } from '../abstractions/appId.service';
|
import { AppIdService } from '../abstractions/appId.service';
|
||||||
import { CryptoService } from '../abstractions/crypto.service';
|
import { CryptoService } from '../abstractions/crypto.service';
|
||||||
|
import { I18nService } from '../abstractions/i18n.service';
|
||||||
import { MessagingService } from '../abstractions/messaging.service';
|
import { MessagingService } from '../abstractions/messaging.service';
|
||||||
import { PlatformUtilsService } from '../abstractions/platformUtils.service';
|
import { PlatformUtilsService } from '../abstractions/platformUtils.service';
|
||||||
import { TokenService } from '../abstractions/token.service';
|
import { TokenService } from '../abstractions/token.service';
|
||||||
import { UserService } from '../abstractions/user.service';
|
import { UserService } from '../abstractions/user.service';
|
||||||
|
|
||||||
|
export const TwoFactorProviders = {
|
||||||
|
[TwoFactorProviderType.Authenticator]: {
|
||||||
|
name: null as string,
|
||||||
|
description: null as string,
|
||||||
|
active: true,
|
||||||
|
free: true,
|
||||||
|
displayOrder: 0,
|
||||||
|
priority: 1,
|
||||||
|
},
|
||||||
|
[TwoFactorProviderType.Yubikey]: {
|
||||||
|
name: null as string,
|
||||||
|
description: null as string,
|
||||||
|
active: true,
|
||||||
|
free: false,
|
||||||
|
displayOrder: 1,
|
||||||
|
priority: 3,
|
||||||
|
},
|
||||||
|
[TwoFactorProviderType.Duo]: {
|
||||||
|
name: 'Duo',
|
||||||
|
description: null as string,
|
||||||
|
active: true,
|
||||||
|
free: false,
|
||||||
|
displayOrder: 2,
|
||||||
|
priority: 2,
|
||||||
|
},
|
||||||
|
[TwoFactorProviderType.U2f]: {
|
||||||
|
name: null as string,
|
||||||
|
description: null as string,
|
||||||
|
active: true,
|
||||||
|
free: false,
|
||||||
|
displayOrder: 3,
|
||||||
|
priority: 4,
|
||||||
|
},
|
||||||
|
[TwoFactorProviderType.Email]: {
|
||||||
|
name: null as string,
|
||||||
|
description: null as string,
|
||||||
|
active: true,
|
||||||
|
free: false,
|
||||||
|
displayOrder: 4,
|
||||||
|
priority: 0,
|
||||||
|
},
|
||||||
|
};
|
||||||
|
|
||||||
export class AuthService {
|
export class AuthService {
|
||||||
constructor(public cryptoService: CryptoService, public apiService: ApiService, public userService: UserService,
|
email: string;
|
||||||
public tokenService: TokenService, public appIdService: AppIdService,
|
masterPasswordHash: string;
|
||||||
public platformUtilsService: PlatformUtilsService, public constantsService: ConstantsService,
|
twoFactorProviders: Map<TwoFactorProviderType, { [key: string]: string; }>;
|
||||||
public messagingService: MessagingService) {
|
|
||||||
|
private key: SymmetricCryptoKey;
|
||||||
|
|
||||||
|
constructor(private cryptoService: CryptoService, private apiService: ApiService, private userService: UserService,
|
||||||
|
private tokenService: TokenService, private appIdService: AppIdService, private i18nService: I18nService,
|
||||||
|
private platformUtilsService: PlatformUtilsService, private constantsService: ConstantsService,
|
||||||
|
private messagingService: MessagingService) {
|
||||||
}
|
}
|
||||||
|
|
||||||
async logIn(email: string, masterPassword: string, twoFactorProvider?: number,
|
init() {
|
||||||
twoFactorToken?: string, remember?: boolean) {
|
TwoFactorProviders[TwoFactorProviderType.Email].name = this.i18nService.t('emailTitle');
|
||||||
|
TwoFactorProviders[TwoFactorProviderType.Email].description = this.i18nService.t('emailDesc');
|
||||||
|
|
||||||
|
TwoFactorProviders[TwoFactorProviderType.Authenticator].name = this.i18nService.t('authenticatorAppTitle');
|
||||||
|
TwoFactorProviders[TwoFactorProviderType.Authenticator].description =
|
||||||
|
this.i18nService.t('authenticatorAppDesc');
|
||||||
|
|
||||||
|
TwoFactorProviders[TwoFactorProviderType.Duo].description = this.i18nService.t('duoDesc');
|
||||||
|
|
||||||
|
TwoFactorProviders[TwoFactorProviderType.U2f].name = this.i18nService.t('u2fTitle');
|
||||||
|
TwoFactorProviders[TwoFactorProviderType.U2f].description = this.i18nService.t('u2fDesc');
|
||||||
|
|
||||||
|
TwoFactorProviders[TwoFactorProviderType.Yubikey].name = this.i18nService.t('yubiKeyTitle');
|
||||||
|
TwoFactorProviders[TwoFactorProviderType.Yubikey].description = this.i18nService.t('yubiKeyDesc');
|
||||||
|
}
|
||||||
|
|
||||||
|
async logIn(email: string, masterPassword: string): Promise<AuthResult> {
|
||||||
email = email.toLowerCase();
|
email = email.toLowerCase();
|
||||||
|
|
||||||
const key = this.cryptoService.makeKey(masterPassword, email);
|
const key = this.cryptoService.makeKey(masterPassword, email);
|
||||||
const appId = await this.appIdService.getAppId();
|
|
||||||
const storedTwoFactorToken = await this.tokenService.getTwoFactorToken(email);
|
|
||||||
const hashedPassword = await this.cryptoService.hashPassword(masterPassword, key);
|
const hashedPassword = await this.cryptoService.hashPassword(masterPassword, key);
|
||||||
|
return await this.logInHelper(email, hashedPassword, key);
|
||||||
|
}
|
||||||
|
|
||||||
|
async logInTwoFactor(twoFactorProvider: TwoFactorProviderType, twoFactorToken: string,
|
||||||
|
remember?: boolean): Promise<AuthResult> {
|
||||||
|
return await this.logInHelper(this.email, this.masterPasswordHash, this.key, twoFactorProvider,
|
||||||
|
twoFactorToken, remember);
|
||||||
|
}
|
||||||
|
|
||||||
|
logOut(callback: Function) {
|
||||||
|
callback();
|
||||||
|
}
|
||||||
|
|
||||||
|
getDefaultTwoFactorProvider(u2fSupported: boolean): TwoFactorProviderType {
|
||||||
|
if (this.twoFactorProviders == null) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
let providerType: TwoFactorProviderType = null;
|
||||||
|
let providerPriority = -1;
|
||||||
|
this.twoFactorProviders.forEach((value, type) => {
|
||||||
|
const provider = (TwoFactorProviders as any)[type];
|
||||||
|
if (provider != null && provider.active && provider.priority > providerPriority) {
|
||||||
|
if (type === TwoFactorProviderType.U2f && !u2fSupported) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
providerType = type;
|
||||||
|
providerPriority = provider.priority;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
return providerType;
|
||||||
|
}
|
||||||
|
|
||||||
|
private async logInHelper(email: string, hashedPassword: string, key: SymmetricCryptoKey,
|
||||||
|
twoFactorProvider?: TwoFactorProviderType, twoFactorToken?: string, remember?: boolean): Promise<AuthResult> {
|
||||||
|
const storedTwoFactorToken = await this.tokenService.getTwoFactorToken(email);
|
||||||
|
const appId = await this.appIdService.getAppId();
|
||||||
const deviceRequest = new DeviceRequest(appId, this.platformUtilsService);
|
const deviceRequest = new DeviceRequest(appId, this.platformUtilsService);
|
||||||
|
|
||||||
let request: TokenRequest;
|
let request: TokenRequest;
|
||||||
|
|
||||||
if (twoFactorToken != null && twoFactorProvider != null) {
|
if (twoFactorToken != null && twoFactorProvider != null) {
|
||||||
request = new TokenRequest(email, hashedPassword, twoFactorProvider, twoFactorToken, remember,
|
request = new TokenRequest(email, hashedPassword, twoFactorProvider, twoFactorToken, remember,
|
||||||
deviceRequest);
|
deviceRequest);
|
||||||
} else if (storedTwoFactorToken) {
|
} else if (storedTwoFactorToken != null) {
|
||||||
request = new TokenRequest(email, hashedPassword, this.constantsService.twoFactorProvider.remember,
|
request = new TokenRequest(email, hashedPassword, this.constantsService.twoFactorProvider.remember,
|
||||||
storedTwoFactorToken, false, deviceRequest);
|
storedTwoFactorToken, false, deviceRequest);
|
||||||
} else {
|
} else {
|
||||||
@@ -42,37 +150,41 @@ export class AuthService {
|
|||||||
}
|
}
|
||||||
|
|
||||||
const response = await this.apiService.postIdentityToken(request);
|
const response = await this.apiService.postIdentityToken(request);
|
||||||
if (!response) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!response.accessToken) {
|
this.clearState();
|
||||||
|
const result = new AuthResult();
|
||||||
|
result.twoFactor = !(response as any).accessToken;
|
||||||
|
|
||||||
|
if (result.twoFactor) {
|
||||||
// two factor required
|
// two factor required
|
||||||
return {
|
const twoFactorResponse = response as IdentityTwoFactorResponse;
|
||||||
twoFactor: true,
|
this.email = email;
|
||||||
twoFactorProviders: response,
|
this.masterPasswordHash = hashedPassword;
|
||||||
};
|
this.key = key;
|
||||||
|
this.twoFactorProviders = twoFactorResponse.twoFactorProviders2;
|
||||||
|
result.twoFactorProviders = twoFactorResponse.twoFactorProviders2;
|
||||||
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (response.twoFactorToken) {
|
const tokenResponse = response as IdentityTokenResponse;
|
||||||
this.tokenService.setTwoFactorToken(response.twoFactorToken, email);
|
if (tokenResponse.twoFactorToken != null) {
|
||||||
|
this.tokenService.setTwoFactorToken(tokenResponse.twoFactorToken, email);
|
||||||
}
|
}
|
||||||
|
|
||||||
await this.tokenService.setTokens(response.accessToken, response.refreshToken);
|
await this.tokenService.setTokens(tokenResponse.accessToken, tokenResponse.refreshToken);
|
||||||
await this.cryptoService.setKey(key);
|
await this.cryptoService.setKey(key);
|
||||||
await this.cryptoService.setKeyHash(hashedPassword);
|
await this.cryptoService.setKeyHash(hashedPassword);
|
||||||
await this.userService.setUserIdAndEmail(this.tokenService.getUserId(), this.tokenService.getEmail());
|
await this.userService.setUserIdAndEmail(this.tokenService.getUserId(), this.tokenService.getEmail());
|
||||||
await this.cryptoService.setEncKey(response.key);
|
await this.cryptoService.setEncKey(tokenResponse.key);
|
||||||
await this.cryptoService.setEncPrivateKey(response.privateKey);
|
await this.cryptoService.setEncPrivateKey(tokenResponse.privateKey);
|
||||||
|
|
||||||
this.messagingService.send('loggedIn');
|
this.messagingService.send('loggedIn');
|
||||||
return {
|
return result;
|
||||||
twoFactor: false,
|
|
||||||
twoFactorProviders: null,
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
||||||
logOut(callback: Function) {
|
private clearState(): void {
|
||||||
callback();
|
this.email = null;
|
||||||
|
this.masterPasswordHash = null;
|
||||||
|
this.twoFactorProviders = null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
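Review bot: `clearState()` at the end of the last hunk resets `email`, `masterPasswordHash` and `twoFactorProviders` but not `key`, so the `SymmetricCryptoKey` the two-factor branch stashes with `this.key = key;` stays referenced on the service after the login completes or the pending state is otherwise cleared; it should be nulled with the rest. Relatedly, `logInTwoFactor` in the first hunk of this file forwards `this.email`, `this.masterPasswordHash` and `this.key` to `logInHelper` without checking that a challenge is pending, so calling it after `clearState()` has run builds a `TokenRequest` from null credentials; failing fast is clearer than sending a malformed request. As a point of style, `TwoFactorProviders` is an exported mutable object whose `name` and `description` start as `null` and are filled in by `init()`, so anything that reads it earlier sees nulls; a comment on the export noting that dependency would avoid the surprise. `logInHelper` begins in the first hunk and its `else` branch is cut between the two hunks.

```typescript
async logInTwoFactor(twoFactorProvider: TwoFactorProviderType, twoFactorToken: string,
    remember?: boolean): Promise<AuthResult> {
    // Only valid while a two-factor challenge from logIn() is pending.
    if (this.email == null || this.masterPasswordHash == null || this.key == null) {
        throw new Error('No two-factor login is pending; call logIn first.');
    }
    return await this.logInHelper(this.email, this.masterPasswordHash, this.key, twoFactorProvider,
        twoFactorToken, remember);
}

// … unchanged: logOut, getDefaultTwoFactorProvider, logInHelper …

private clearState(): void {
    this.email = null;
    this.masterPasswordHash = null;
    this.key = null;
    this.twoFactorProviders = null;
}
```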
@@ -434,7 +434,7 @@ export class CipherService implements CipherServiceAbstraction {
|
|||||||
let aName = a.name;
|
let aName = a.name;
|
||||||
let bName = b.name;
|
let bName = b.name;
|
||||||
|
|
||||||
let result = this.i18nService.collator ? this.i18nService.collator.compare(aName, bName) :
|
const result = this.i18nService.collator ? this.i18nService.collator.compare(aName, bName) :
|
||||||
aName.localeCompare(bName);
|
aName.localeCompare(bName);
|
||||||
|
|
||||||
if (result !== 0 || a.type !== CipherType.Login || b.type !== CipherType.Login) {
|
if (result !== 0 || a.type !== CipherType.Login || b.type !== CipherType.Login) {
|
||||||
|
|||||||